Sign the Certificate Request
To sign the certificate request:
1 Send the certificate.req file you generated to your certificate authority for signing.
If the request is successful, the certificate authority will send back an identity certificate that is digitally signed with the certificate authority's private key.
Note: The certificate authority must return a base-64 encoded identity certificate.
2 Open the identity certificate and verify that the Issued to field includes the DNS you provided upon creating the certificate request.
3 Build a certification chain from your identity certificate to your trusted root certificate.
You need to obtain all of the intermediate certificates, as well as your root certificate authority's self-signed certificate.
If you are using a well-known certificate authority, the intermediate certificates and the root certificate authority's self-signed certificate can be downloaded from your certificate authority website. If you are using your own internal certificate authority, contact the necessary entity to provide you with the required intermediate and self-signed certificate.
In the above example, the certificate was issued by Go Daddy Secure Certification Authority to *.ctera.me. To build the certification chain, obtain a certificate issued to Go Daddy Secure Certification Authority.
To continue the certification chain, you must obtain a certificate issued to the same authority that the previous certificate was issued by. You continue the chain until the certification chain is complete, with the last certificate, which is a self-signed certificate, issued to and by the same entity.